{"api_version":"1","generated_at":"2026-04-22T22:49:38+00:00","cve":"CVE-2026-28265","urls":{"html":"https://cve.report/CVE-2026-28265","api":"https://cve.report/api/cve/CVE-2026-28265.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-28265","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-28265"},"summary":{"title":"CVE-2026-28265","description":"PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.","state":"PUBLISHED","assigner":"dell","published_at":"2026-04-01 08:16:05","updated_at":"2026-04-02 20:43:17"},"problem_types":["CWE-35","CWE-22","CWE-35 CWE-35: Path Traversal"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.1","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"security_alert@emc.com","type":"Secondary","score":"4.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"4.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","version":"3.1"}}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities","name":"https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities","refsource":"security_alert@emc.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-28265","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28265","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Dell","product":"PowerStore","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 500T","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 1000T","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 1200T","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 3000T","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 3200Q","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 3200T","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 5000T","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 5200Q","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 5200T","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 7000T","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 9000T","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]},{"source":"CNA","vendor":"Dell","product":"PowerStore 9200T","version":"affected 4.4.0.0-2692403 or later semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"28265","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dell","cpe5":"powerstoreos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_1000t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_1200t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_3000t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_3200q","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_3200t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_5000t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_500t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_5200q","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_5200t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_7000t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_9000t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"28265","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dell","cpe5":"powerstore_9200t","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"28265","cve":"CVE-2026-28265","epss":"0.000140000","percentile":"0.023660000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:39"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-28265","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-01T13:10:06.196625Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-01T13:10:14.638Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"PowerStore","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 500T","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 1000T","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 1200T","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 3000T","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 3200Q","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 3200T","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 5000T","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 5200Q","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 5200T","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 7000T","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 9000T","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"PowerStore 9200T","vendor":"Dell","versions":[{"lessThan":"4.4.0.0-2692403 or later","status":"affected","version":"0","versionType":"semver"}]}],"datePublic":"2026-03-25T06:30:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files."}],"value":"PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-35","description":"CWE-35: Path Traversal","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-01T07:41:28.180Z","orgId":"c550e75a-17ff-4988-97f0-544cde3820fe","shortName":"dell"},"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000444169/dsa-2026-157-dell-powerstore-t-security-update-for-multiple-vulnerabilities"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.1"}}},"cveMetadata":{"assignerOrgId":"c550e75a-17ff-4988-97f0-544cde3820fe","assignerShortName":"dell","cveId":"CVE-2026-28265","datePublished":"2026-04-01T07:41:28.180Z","dateReserved":"2026-02-25T18:04:25.462Z","dateUpdated":"2026-04-01T13:10:14.638Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-01 08:16:05","lastModifiedDate":"2026-04-02 20:43:17","problem_types":["CWE-35","CWE-22","CWE-35 CWE-35: Path Traversal"],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.0.0-2692403","matchCriteriaId":"6ACE53EA-9063-407A-BA59-B18F4362A201"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_1000t:-:*:*:*:*:*:*:*","matchCriteriaId":"FD5BE2B0-BB56-4E6C-8818-26910B23CE31"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_1200t:-:*:*:*:*:*:*:*","matchCriteriaId":"AB965674-7EBA-437E-A13B-39BC3F3FE139"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_3000t:-:*:*:*:*:*:*:*","matchCriteriaId":"861B5BE7-159A-41FF-9658-D243051CAC88"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_3200q:-:*:*:*:*:*:*:*","matchCriteriaId":"8456D5B0-3D6A-4020-B693-D949EE2BA12E"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_3200t:-:*:*:*:*:*:*:*","matchCriteriaId":"E0A29ED1-5CE6-4D49-A079-7F4E6D782DE1"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_5000t:-:*:*:*:*:*:*:*","matchCriteriaId":"2D5EE934-AD08-4C2B-B3EA-878975EE825E"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_500t:-:*:*:*:*:*:*:*","matchCriteriaId":"6B529671-71A1-428C-BC17-C8E002222FEA"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_5200q:-:*:*:*:*:*:*:*","matchCriteriaId":"B7CD86DB-77F8-45C8-848C-DD9DE9DA966D"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_5200t:-:*:*:*:*:*:*:*","matchCriteriaId":"F0FCFFD4-A989-4AF3-99DF-32AE2547D9C1"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_7000t:-:*:*:*:*:*:*:*","matchCriteriaId":"37E8CD6E-65F4-48A0-B796-93E4EE51BD06"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_9000t:-:*:*:*:*:*:*:*","matchCriteriaId":"D9BB1B88-C9C0-4B08-84C6-279C79E34CD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:dell:powerstore_9200t:-:*:*:*:*:*:*:*","matchCriteriaId":"F90EFCBC-F720-4426-8043-EB1489820C22"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"28265","Ordinal":"1","Title":"CVE-2026-28265","CVE":"CVE-2026-28265","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"28265","Ordinal":"1","NoteData":"PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.","Type":"Description","Title":"CVE-2026-28265"}]}}}